build: publish to xpkg.upbound.io also

jbw976 · jbw976 · commit 2a85d1921cf2 · 2026-01-12T12:39:36.000-08:00
Signed-off-by: Jared Watts &lt;jbw976@gmail.com&gt;
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -22,7 +22,13 @@ env:
   XP_CHANNEL: master   # TODO(negz): Pin to stable once v1.14 is released.
   XP_VERSION: current  # TODO(negz): Pin to a version once v1.14 is released.
 
-  # The package to push to GHCR
+  # This CI job will automatically push new builds to xpkg.upbound.io if the
+  # XPKG_ACCESS_ID and XPKG_TOKEN secrets are set in the GitHub respository (or
+  # organization) settings.
+  XPKG_ACCESS_ID: ${{ secrets.XPKG_ACCESS_ID }}
+
+  # The package to push to GHCR and upbound.io
+  XPKG: xpkg.upbound.io/${{ github.repository}}
   CROSSPLANE_REGORG: ghcr.io/${{ github.repository}}
 
   # The package version to push. The default is 0.0.0-gitsha.
@@ -66,7 +72,7 @@ jobs:
   # We want to build most packages for the amd64 and arm64 architectures. To
   # speed this up we build single-platform packages in parallel. We then upload
   # those packages to GitHub as a build artifact. The push job downloads those
-  # artifacts and pushes them as a single multi-platform package. 
+  # artifacts and pushes them as a single multi-platform package.
   build:
     runs-on: ubuntu-24.04
     strategy:
@@ -104,13 +110,13 @@ jobs:
           build-args:
             PYTHON_VERSION=${{ env.PYTHON_VERSION }}
           outputs: type=docker,dest=runtime-${{ matrix.arch }}.tar
-      
+
       - name: Setup the Crossplane CLI
         run: "curl -sL https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh | sh"
 
       - name: Build Package
         run: ./crossplane xpkg build --package-file=${{ matrix.arch }}.xpkg --package-root=package/ --embed-runtime-image-tarball=runtime-${{ matrix.arch }}.tar
-      
+
       - name: Upload Single-Platform Package
         uses: actions/upload-artifact@v6
         with:
@@ -133,14 +139,21 @@ jobs:
       - name: Download Single-Platform Packages
         uses: actions/download-artifact@v7
         with:
-          # See https://github.com/docker/build-push-action/blob/263435/README.md#summaries
-          pattern: "!*.dockerbuild"
           path: .
           merge-multiple: true
+          pattern: "!*.dockerbuild" # This gets uploaded by docker/build-push-action but must be skipped: https://github.com/actions/toolkit/pull/1874
 
       - name: Setup the Crossplane CLI
         run: "curl -sL https://raw.githubusercontent.com/crossplane/crossplane/master/install.sh | sh"
 
+      - name: Login to Upbound
+        uses: docker/login-action@v3
+        if: env.XPKG_ACCESS_ID != ''
+        with:
+          registry: xpkg.upbound.io
+          username: ${{ secrets.XPKG_ACCESS_ID }}
+          password: ${{ secrets.XPKG_TOKEN }}
+
       # If a version wasn't explicitly passed as a workflow_dispatch input we
       # default to version v0.0.0-<git-commit-date>-<git-short-sha>, for example
       # v0.0.0-20231101115142-1091066df799. This is a simple implementation of
@@ -149,6 +162,10 @@ jobs:
         if: env.XPKG_VERSION == ''
         run: echo "XPKG_VERSION=v0.0.0-$(date -d@$(git show -s --format=%ct) +%Y%m%d%H%M%S)-$(git rev-parse --short=12 HEAD)" >> $GITHUB_ENV
 
+      - name: Push Multi-Platform Package to Upbound
+        if: env.XPKG_ACCESS_ID != ''
+        run: "./crossplane --verbose xpkg push --package-files $(echo *.xpkg|tr ' ' ,) ${{ env.XPKG }}:${{ env.XPKG_VERSION }}"
+
       - name: Login to GHCR
         uses: docker/login-action@v3
         with:
